In an embodiment, a model is sliced into a plurality of slices. A slice in the plurality of slices is selected. A portion of code, that corresponds to the selected slice, is identified from code generated from the model. The identified code is verified to be equivalent to the selected slice. Equivalence may include equivalent functionality, equivalent data types, equivalent performance, and or other forms of equivalence between the selected slice and the identified generated code.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. One or more tangible non-transitory computer-readable storage media storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors, cause the one or more processors to: slice a model into a plurality of slices, each slice, of the plurality of slices, including a different portion of the model; select a slice from the plurality of slices; generate a first intermediate representation based on the selected slice; identify a portion of code, in code generated from the model, that corresponds to the selected slice; generate a second intermediate representation based on the portion of code; normalize the first intermediate representation and the second intermediate representation; compare the normalized first intermediate representation with the normalized second intermediate representation; and verify, based on the comparing the normalized first intermediate representation and the normalized second intermediate representation, whether the portion of code is equivalent to the selected slice.
The system verifies code generated from a model by slicing the model into smaller, distinct parts. For each slice, it identifies the corresponding code in the generated output. Then, it creates an intermediate representation (IR) of both the slice and the code. These IRs are normalized to allow for accurate comparison. The system compares the normalized IRs to determine if the code accurately reflects the behavior of the model slice. If the IRs match, the code is considered verified for that slice. This process uses computer-readable storage media to store and execute the described instructions.
2. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to detect, based on the comparing, a verification failure.
The system described above, which verifies generated code against a model by comparing normalized intermediate representations of model slices and corresponding code portions, further includes a component that detects verification failures based on the comparison. When the comparison reveals differences between the normalized IRs, the system flags a failure, indicating that the code does not accurately reflect the model. This failure detection is a key aspect of ensuring the generated code's reliability.
3. The one or more tangible non-transitory computer-readable media of claim 2 , where the instructions further comprise: one or more instructions to generate a report including information regarding the verification failure; and one or more instructions to provide the report.
Building upon the system that verifies generated code against a model and detects verification failures, this improvement adds a reporting capability. Upon detecting a verification failure (as described previously), the system generates a report detailing the failure. This report includes relevant information about the failed verification, such as the specific slice and code involved, the differences in their intermediate representations, and the nature of the discrepancy. The report is then provided to the user or development team for analysis and correction.
4. The one or more tangible non-transitory computer-readable media of claim 2 , where the one or more instructions to detect the verification failure include: one or more instructions to determine that the normalized second intermediate representation includes an element not corresponding with any element included in the normalized first intermediate representation.
In the system that verifies generated code by comparing intermediate representations, the detection of a verification failure occurs when the normalized intermediate representation of the generated code contains an element that has no corresponding element in the normalized intermediate representation of the original model slice. This means if the code's IR shows functionality or data that isn't present in the model's IR, a verification failure is triggered, indicating an error or unexpected behavior in the code.
5. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to select a second slice from the plurality of slices; one or more instructions to generate a third intermediate representation based on the second selected slice; one or more instructions to identify a second portion of code, in code generated from the model, that corresponds to the second selected slice; one or more instructions to generate a fourth intermediate representation based on the second portion of code; one or more instructions to normalize the third intermediate representation and the fourth intermediate representation; one or more instructions to compare the normalized third intermediate representation with the normalized fourth intermediate representation; and one or more instructions to verify, based on the comparing the normalized third intermediate representation and the normalized fourth intermediate representation, whether the second portion of code is equivalent to the second selected slice.
The system extends the verification process by repeating it for multiple slices of the model. After verifying the code corresponding to a first slice, the system selects a second slice. It then generates an intermediate representation for this second slice and identifies the corresponding code in the generated output. A second intermediate representation is generated based on the identified code. Both intermediate representations are normalized, compared, and verified for equivalence, just as it did for the first slice. This ensures that the entire generated code is verified slice by slice.
6. The one or more tangible non-transitory computer-readable media of claim 1 , where the one or more instructions to generate the first intermediate representation include: one or more instructions to generate an element connectivity list based on the selected slice.
When generating the first intermediate representation (IR) of the selected model slice for verification, the system specifically creates an element connectivity list. This list represents the relationships and connections between different elements within the model slice. This connectivity information is crucial for accurately representing the slice's structure and behavior, enabling a more precise comparison with the generated code's IR.
7. The one or more tangible non-transitory computer-readable media of claim 1 , where the one or more instructions to generate the second intermediate representation include: one or more instructions to generate an abstract syntax tree based on the portion of code.
In the process of verifying generated code, when generating the second intermediate representation (IR) of the identified code portion, the system uses an abstract syntax tree (AST). The AST represents the code's structure and syntax in a hierarchical tree format. This facilitates the analysis of the code's logic and data flow, making it easier to compare against the model slice's IR.
8. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to generate a program dependency intermediate representation based on one or more data dependencies in the portion of the code and based on one or more control dependencies in the portion of the code, and the one or more instructions to slice the model include: one or more instructions to slice the program dependency intermediate representation into the plurality of slices.
To aid the model slicing process, a program dependency intermediate representation (PDIR) is generated that captures both data and control dependencies within the generated code. The model is then sliced based on this PDIR. This allows for a more informed and relevant slicing of the model, improving the accuracy and effectiveness of the subsequent verification process.
9. The one or more tangible non-transitory computer-readable media of claim 8 , where the program dependency intermediate representation includes a graph G(e, v), where e represents one or more edges and v represents a plurality of vertices, and where the one or more instructions to slice the program dependency intermediate representation include: one or more instructions to slice the program dependency intermediate representation based on determining that given a vertex v i , of the plurality of vertices of the graph G(e, v), a slice of graph G(e, v), with respect to v i , is a graph G′(e′, v′) that contains one or more vertices, of the plurality of vertices, of which v i has a transitive flow or a control dependency.
Building on the use of a Program Dependency Intermediate Representation (PDIR) for model slicing, the PDIR is represented as a graph G(e, v), where 'e' represents edges and 'v' represents vertices. The slicing of the PDIR is performed such that, for a given vertex vi in the graph, the slice G′(e′, v′) contains all vertices that have a transitive flow or control dependency on vi. This ensures that each slice captures all relevant dependencies, leading to a more comprehensive verification process.
10. The one or more tangible non-transitory computer-readable media of claim 1 , where the one or more instructions to generate the second intermediate representation include: one or more instructions to generate a program dependency graph based on the portion of code, and the one or more instructions to normalize the first intermediate representation and the second intermediate representation include: one or more instructions to normalize the program dependency graph.
The system uses a program dependency graph (PDG) as the second intermediate representation of the generated code. When normalizing the first intermediate representation (of the model slice) and the second intermediate representation (the PDG), the PDG itself is normalized. This normalization step ensures a fair and accurate comparison between the model slice and the code, even if their initial representations differ in structure or format.
11. The one or more tangible non-transitory computer-readable media of claim 1 , where the portion of code contains a statement, the instructions further comprise: one or more instructions to identify a semantic equivalent for the statement in the portion of code; and one or more instructions to replace the statement in the portion of code with the identified semantic equivalent, and the one or more instructions to generate the second intermediate representation include: one or more instructions to generate the second intermediate representation based on replacing the statement with the semantic equivalent.
The code verification system handles cases where the generated code contains statements that can be semantically equivalent to alternative forms. The system identifies such semantic equivalents for statements in the code portion and replaces the original statement with its identified semantic equivalent. The second intermediate representation is then generated based on this replaced statement, allowing for a verification that accounts for semantic variations in the code.
12. The one or more tangible non-transitory computer-readable media of claim 1 , where the portion of code contains a plurality of statements, the instructions further comprise: one or more instructions to replace the plurality of statements in the portion of code with a phi node, the phi node representing at least one of: a control flow of the replaced plurality of statements, or a data flow of the replaced plurality of statements, and the one or more instructions to generate the second intermediate representation include: one or more instructions to generate the second intermediate representation based on replacing the plurality of statements with the phi node.
When the generated code contains multiple statements, the system can replace these statements with a phi node. The phi node represents either the control flow or the data flow (or both) of the replaced statements. The second intermediate representation is then generated based on the code with the phi node inserted, enabling the system to handle complex code structures and simplify the verification process.
13. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to perform a transformation operation on the second intermediate representation; and one or more instructions to provide a result of the transformation operation performed on the second intermediate representation, the result including information related to a change made to the second intermediate representation based on performing the transformation operation on the second intermediate representation.
The system includes a transformation operation performed on the second intermediate representation (IR) of the generated code. The system then outputs information about the changes made to the IR as a result of the transformation. This allows developers to understand how the IR was modified and helps in debugging or understanding the verification process.
14. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to identify an element in the selected slice for which corresponding code in the generated code cannot be identified; and one or more instructions to separate the element from the selected slice for separate verification.
If the system identifies an element in the selected model slice for which corresponding code cannot be found in the generated code, it separates that element from the slice. This allows the system to focus on verifying the verifiable parts of the slice, while addressing the unverifiable element separately, potentially through manual inspection or alternative verification methods.
15. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to indicate, in a block diagram display of the model, that a portion of the model, included in the selected slice, is unverifiable.
The system visually indicates unverifiable portions of the model in a block diagram display. If a part of the model, included in the selected slice, is determined to be unverifiable, the system marks that portion in the diagram. This provides a clear visual indication to developers about the parts of the model that require special attention.
16. The one or more tangible non-transitory computer-readable media of claim 1 , where the instructions further comprise: one or more instructions to identify an element in the selected slice which cannot be verified; and one or more instructions to modify the identified element to make the identified element verifiable.
If the system identifies an element in the selected model slice that cannot be verified automatically, it attempts to modify that element to make it verifiable. This could involve simplifying the element, refactoring the code, or applying other transformations to enable automated verification. This increases the overall portion of the model that can be automatically verified.
17. The one or more tangible non-transitory computer-readable media of claim 1 , where the one or more instructions to verify whether the portion of code is equivalent to the selected slice include: one or more instructions to verify whether the portion of code is equivalent to the selected slice independent of verifying another slice, of the plurality of slices, is equivalent to another portion of code.
The system verifies the generated code slice by slice, ensuring that the verification of one slice is independent of the verification of any other slice. This means that a failure in one slice's verification does not prevent the system from verifying other slices. This allows for a more modular and robust verification process, where errors are isolated and addressed individually.
18. The one or more tangible non-transitory computer-readable media of claim 17 , where the other slice is unverifiable.
The slice-by-slice verification system, where each slice is verified independently, includes a scenario where one of the slices is deemed unverifiable. Because of the independent nature of the verification process, the other slices can still be verified even if one slice is not.
19. The one or more tangible non-transitory computer-readable media of claim 17 , where the instructions further comprise: one or more instructions to verify the other slice is equivalent to the other portion of code based on a manual verification.
Building on the independent slice verification process, if one slice is unverifiable through automated means, the system allows for manual verification of that particular slice. This ensures that even the most complex or unusual parts of the model can be verified, albeit through a more labor-intensive process.
20. A method comprising: selecting a slice of a model from a plurality of slices of the model, the plurality of slices of the model being identified based on one or more criteria, and the selecting the slice being performed by a device; identifying a portion of code, in code generated for the model, that corresponds to the slice, the identifying the portion of code being performed by the device; generating an intermediate representation (IR) of the slice of the model, the generating the IR of the slice being performed by the device; generating an IR of the portion of code, the generating the IR of the portion of the code being performed by the device; normalizing the IR of the slice and the IR of the portion of the code, the normalizing the IR of the slice and the IR of the portion of code being performed by the device; comparing the normalized IR of the slice with the normalized IR of the portion of code, the comparing the normalized IR of the slice with the normalized IR of the portion of code being performed by the device; and verifying, based on the comparing the normalized IR of the slice and the normalized IR of the portion of code, whether the portion of code is equivalent to the slice, the verifying whether the slice is equivalent to the portion of code being performed by the device.
The method involves selecting a slice from a model that has been divided into multiple slices based on specific criteria. The slice selection is performed by a device. The device identifies the portion of code, within the generated code, corresponding to the selected slice. It generates an intermediate representation (IR) of both the selected slice and the corresponding code portion. These IRs are then normalized. The normalized IRs are compared. Finally, based on this comparison, the device determines if the code portion is equivalent to the model slice, thus verifying the code's correctness.
21. The method of claim 20 , where the portion of code includes one or more data dependencies and one or more control dependencies, and generating the IR of the portion of code includes: generating a program dependency graph that represents the one or more data dependencies and the one or more control dependencies; and slicing the program dependency graph, where the program dependency graph includes a graph G(e, v), where e represents one or more edges and v represents a plurality of vertices, and where the program dependency graph is sliced based on: given a vertex v i of the graph G(e, v), a slice, of the plurality of slices of graph G(e, v), with respect to v i is a graph G′(e′, v′) containing one or more vertices, of the plurality of vertices, of which v i has a transitive flow or a control dependency.
The method of verifying generated code, which involves comparing intermediate representations of model slices and corresponding code portions, handles cases where the code includes data and control dependencies. To represent these dependencies, a program dependency graph (PDG) is generated. The PDG is then sliced, where each slice comprises vertices having transitive flow or control dependencies on a given vertex. This allows for a more detailed and accurate verification process.
22. The method of claim 21 , where generating the IR of the portion of the code includes: performing a transformation on the IR of the portion of the code, and the method further comprises: outputting information identifying a change made to the IR of the portion of the code, the change being made to the IR of the portion of the code based on performing the transformation on the IR of the portion of the code.
The code verification method which relies on intermediate representations of the code portion, includes an additional step: a transformation on the intermediate representation (IR) of the code portion. Information about the changes made by the transformation is outputted. This provides insights into the modifications applied to the IR and helps with debugging or understanding the verification process.
23. The method of claim 20 , where verifying whether the portion of code is equivalent to the slice includes: verifying whether the portion of code is equivalent to the slice independent of verifying another slice, of the plurality of slices, is equivalent to another portion of code.
The code verification method that compares intermediate representations on a slice-by-slice basis verifies the generated code slice by slice, ensuring that the verification of one slice is independent of the verification of any other slice. This independent verification allows the process to isolate and address issues individually.
24. The method of claim 23 , where the other slice is unverifiable.
The independent slice verification method, where each slice is verified independently of the others, allows that one of the slices can be identified as unverifiable. But the unverified status of a given slice does not block the verification of other slices.
25. The method of claim 23 , where the method further comprises: verifying the other slice is equivalent to the other portion of code based on a manual verification.
The independent slice verification method that allows for some slices to be marked as unverifiable, permits the manual verification of the unverifiable slices. This provides a means of verification even when automated means are insufficient.
26. A device comprising: one or more processors, implemented at least partially in hardware, to: slice a model into a plurality of slices, each slice, of the plurality of slices, including a different portion of the model; select a slice from the plurality of slices; generate a first intermediate representation based on the selected slice; identify a portion of code, in code generated from the model, that corresponds to the selected slice; generate a second intermediate representation based on the portion of code; normalize the first intermediate representation and the second intermediate representation; compare the normalized first intermediate representation with the normalized second intermediate representation; and verify, based on the comparing the normalized first intermediate representation and the normalized second intermediate representation, whether the portion of code is equivalent to the selected slice.
The device validates code generated from a model by dividing the model into distinct slices. Each slice represents a different portion of the original model. The device selects a slice and creates an intermediate representation (IR) based on it. Then, it finds the matching code section in the generated code and creates another IR for that code. These IRs are normalized and then compared. Based on the comparison, the device determines whether the code accurately implements the behavior defined in the model slice. The one or more processors involved are at least partially implemented in hardware.
27. The device of claim 26 , where the one or more processors, when verifying whether the portion of code is equivalent to the selected slice, are to: verify whether the portion of code is equivalent to the selected slice independent of verifying another slice, of the plurality of slices, is equivalent to another portion of code.
The hardware-implemented device for verifying generated code by comparing intermediate representations on a slice-by-slice basis validates code slice by slice, ensuring that the verification of any given slice is independent of the verification of any other slice. The independence of the process allows for isolated and individual treatment of any given issues.
28. The device of claim 27 , where the other slice is unverifiable.
The hardware-implemented code verification device featuring slice-by-slice verification can handle scenarios where one of the slices is deemed unverifiable by automated means. The other slices are able to proceed independently of the unverifiable slice.
29. The device of claim 27 , where the one or more processors are further to: verify the other slice is equivalent to the other portion of code based on a manual verification.
The hardware-implemented code verification device that independently verifies code slices and that allows for a slice to be marked as unverifiable also enables manual verification of the other slice. This allows for slices that are not auto-verifiable can still be verified manually.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
September 2, 2014
April 4, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.